
volunteer

Lal
Any volunteer to test a PHP+MySQL based website's vulnerability?

Thanks, Lal

Feb 25 '06 #1
Following on from Lal's message. . .
Any volunteer to test a PHP+MySQL based website's vulnerability?

Thanks, Lal

You're right to be concerned but going about it the wrong way.

*You* need to be the one dealing with the security. *You* need to
_understand_ the threats before you can deal with them. There are
plenty of on-line resources on PHP/MySQL and security to deal with the
protection /mechanisms/ ...
...but only you can understand the /context/ in order to build a
security model. Only you can list the bad things that could happen in
order to deal with them in depth.

--
PETER FOX Not the same since the submarine business went under
pe******@eminent.demon.co.uk.not.this.bit.no.html
2 Tees Close, Witham, Essex.
Gravity beer in Essex <http://www.eminent.demon.co.uk>
Feb 25 '06 #2
Peter Fox wrote:
. . .
*You* need to be the one dealing with the security. *You* need to
_understand_ the threats before you can deal with them. There are
plenty of on-line resources on PHP/MySQL and security to deal with the
protection /mechanisms/ ...
...but only you can understand the /context/ in order to build a
security model. Only you can list the bad things that could happen in
order to deal with them in depth.

Well, yes. You are right. The problem with security is, however, that
there is bound to be a hacker that understands more than you do.

So let me add one thing to the above (as you should take a really good
interest in security):

Know What You Are Doing.

I don't mean as a programmer. You, as a programmer, don't do unexpected
things, like giving passwords away or sending unwanted emails. Your
application does. So I am really saying this to your application: Know
What You Are Doing.
As a programmer, I want to know when things go wrong. Things that go
wrong are usually my fault or at least my responsibility, so I want to
know. Therefore I log errors.
For one of my last applications (which was thrown over the wall after
being set up without any documentation), I had so many things to deal
with that I enhanced my database class to just log all SQL commands,
along with the site input. Not only the bad commands. I found this a
great help, even when there were no more SQL errors. It showed all
errors in input as well. So I knew what my application had done. If your
site traffic is not too high, I can only suggest that you run a
"general" log also. You can empty it once in a while if it gets too big,
and when some security issue presents itself, you can search the logs
and see how it was done.
Of course, this can be expanded to not only database issues, but e-mail
traffic and other applications as well. This is where your notion of
context must come in.

So learn about security, from books, colleagues, web sites, AND your own
applications. If something goes wrong, just find out and learn from the
hackers themselves.

Good luck!
Feb 25 '06 #3
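The "log all SQL commands, along with the site input" idea from the post above, written out as an added example. This is not code from the thread or from any of the posters; it assumes PHP 7.4+ with the PDO MySQL driver, and the class name LoggingDb, the DSN, the credentials and the log path are placeholders. Every statement is recorded (successful or not) together with its bound parameters, the request URI, the client address and a snapshot of $_GET/$_POST, so that when a problem surfaces later the log shows exactly what the application did with which input.

```php
<?php
// Added example, not code from the thread: a thin PDO wrapper that logs every
// SQL statement, its bound parameters and the request input that led to it.
// LoggingDb, the DSN, credentials and log path below are assumed placeholders.

class LoggingDb
{
    private PDO $pdo;
    private string $logFile;

    public function __construct(string $dsn, string $user, string $pass, string $logFile)
    {
        $this->pdo = new PDO($dsn, $user, $pass, [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // failures throw, so they are logged
            PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepared statements
        ]);
        $this->logFile = $logFile;
    }

    /** Run a prepared statement and log it whether it succeeds or fails. */
    public function query(string $sql, array $params = []): PDOStatement
    {
        $start = microtime(true);
        try {
            $stmt = $this->pdo->prepare($sql);
            $stmt->execute($params);
            $this->log('OK', $sql, $params, microtime(true) - $start);
            return $stmt;
        } catch (PDOException $e) {
            // Log the failure with the same context, then let the caller handle it.
            $this->log('ERR ' . $e->getCode() . ' ' . $e->getMessage(), $sql, $params, microtime(true) - $start);
            throw $e;
        }
    }

    private function log(string $status, string $sql, array $params, float $seconds): void
    {
        $entry = [
            'time'   => date('c'),
            'ip'     => $_SERVER['REMOTE_ADDR'] ?? 'cli',
            'uri'    => $_SERVER['REQUEST_URI'] ?? '',
            'status' => $status,
            'ms'     => round($seconds * 1000, 1),
            'sql'    => $sql,                 // the statement text, with placeholders
            'params' => self::redact($params), // the values bound to those placeholders
            'get'    => self::redact($_GET),   // snapshot of the request input
            'post'   => self::redact($_POST),
        ];
        // One JSON object per line: easy to grep and to load into other tools later.
        file_put_contents($this->logFile, json_encode($entry) . "\n", FILE_APPEND | LOCK_EX);
    }

    /** Keep passwords and tokens out of the log and cap oversized inputs. */
    private static function redact(array $values): array
    {
        foreach ($values as $key => $value) {
            if (preg_match('/pass|token|secret/i', (string) $key)) {
                $values[$key] = '[REDACTED]';
            } elseif (is_string($value) && strlen($value) > 200) {
                $values[$key] = substr($value, 0, 200) . '...';
            }
        }
        return $values;
    }
}

// Usage (assumed DSN, credentials and log path):
$db   = new LoggingDb('mysql:host=localhost;dbname=app', 'appuser', 'apppass', '/var/log/app/sql.log');
$rows = $db->query('SELECT id, name FROM users WHERE email = ?', [$_POST['email'] ?? ''])->fetchAll();
```

Two practical points follow from the design: the log file holds raw request input, so it belongs outside the web root with permissions that only the application user can read, and the redaction step exists because a log that faithfully records "everything" will otherwise record credentials too. Because parameters are bound rather than interpolated, the logged SQL and the logged values stay separate, which also makes it easy to spot input that was clearly aimed at the query rather than at the form.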
Peter Fox wrote:
You're right to be concerned but going about it the wrong way.

*You* need to be the one dealing with the security. *You* need to
_understand_ the threats before you can deal with them. There are
plenty of on-line resources on PHP/MySQL and security to deal with the
protection /mechanisms/ ...
...but only you can understand the /context/ in order to build a
security model. Only you can list the bad things that could happen in
order to deal with them in depth.


One can hardly rely on programmers to write 100% secured--or for that
matter, functional--code. It's a good idea to have a second pair of
eyes to look for potential issues. The notion that someone would do
this for free is, of course, completely absurd. It's as though SQA is
not a real profession.

Feb 25 '06 #4
NC
Lal wrote:

Any volunteer to test a PHP+MySQL based website's vulnerability?


Get a copy of Nessus:

http://www.nessus.org/

and test your heart out automatically...

Cheers,
NC

Feb 25 '06 #5
Lal
Thanks for all the great suggestions. What's a real profession? :-D If
free is the word to question professionalism, then php, mysql, and
many others will all be unprofessional? :-D Just a thought. Lol. Thanks
again, nice advice

Mar 6 '06 #6
